Topics:
CIOs Uncensored
Contractors Are A Security Threat -- Both Active And Passive
Two Congressmen are calling for an investigation into computer break-ins at the Department of Homeland Security last year that were traced to a Chinese language Web site. The perpetrators are, apparently, still unknown. But contractors working for Unisys are being investigated for, first, not preventing the breaches and then attempting to cover them up, according to stories by the Associated Press and the Washington Post. Call it closing the barn door after the horses have gone -- and that's generally the proper analogy when investigating computer security breaches. What's upsetting is that Unisys was awarded a $1.7 billion contract to build and maintain the Homeland Security Dept.'s network, including its security systems. According to a recent report by Input, a research firm that studies government use of IT, Homeland Security is fourth on the list of ten government agencies that represent 65% of the federal government's overall spend on IT products and services. You'd think, for that kind of money, you could get at least competent execution. The problem, in this situation, is that it involves security: If an application isn't built competently, you get what? A system crash. If a security system isn't put together competently, you get what? An insecure system. And when that system is running in the Dept. of Homeland Security, well, the implications are obvious. Is this a case of, if you want it done right you have to do it yourself? Is network security better done by in-house staff? Do you have third-party contractors working on security in your organization? And do you sleep well at night?
« Greetings From Demo 2007 Fall | Main | Google: A Virtual Video Headquarters Tour » |
| Sign Up Now For InformationWeek News Alerts |
This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.
Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.
Important Note: This comment area is NOT intended for commercial messages or solicitations of business.
| |||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||
| |
|||||||||||||||||||||||||||||||||||||||||
|
|
|
|
||||||||||||
|
||||||||||||||
|
|
|
|
||||||||||||
| | | ||||||||||||
|
|
|
|
||||||||||||
|
||||||||||||||
|
|
|
|
||||||||||||
| | | ||||||||||||
| | | ||||||||||||
|
Ars Technica
Boing Boing Channel 9 Forums CRN Blogs Dr.Dobb's Portal: Blogs Engadget Gizmodo GrokLaw |
Lifehacker
Schneier on Security Slashdot TechCrunch Techdirt Techmeme Valleywag |
